Feb 28, 2011 15:50 GMT

The Australian Taxation Office (ATO) warns that cybercriminals are using a tax refund phishing campaign to push a variant of the notorious ZeuS banking trojan.

As in most phishing attacks of this sort, the fake emails purport to come from the taxation agency, in this case the ATO, and tell recipients they are eligible to receive a tax refund.

Users are instructed to open the attached file called "Restore your account.zip" and fill out the form inside.

However, the archive doesn't only contain an HTML phishing form for inputting financial details, but also an installer for the ZeuS trojan.

ZeuS is the most popular and sophisticated banking trojan and is commonly used by fraudsters to steal online banking logins and other sensitive information.

We have previously seen ZeuS distribution campaigns use tax return filings as a lure, but never coupled with a phishing attack.

Using both phishing and ZeuS is a bit of overkill that might make the emails easier to block. Not to mention that some antivirus programs might alert users about the malware in the zip file, thus defeating the phishing attempt as well.
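The combination described above, an archive that carries both an HTML credential form and an executable, is exactly the kind of pairing a mail gateway can flag without needing a signature for the particular ZeuS build. The following is an added example, not code from the article or from the ATO; it assumes a gateway has already extracted the attachment bytes, and the file-extension lists and the constructed sample archive (with a harmless "MZ"-prefixed stand-in instead of real malware) are my own assumptions.

```python
import io
import os
import zipfile

# Extensions treated as web form content and as directly executable content.
# These lists are assumptions for the example, not a vendor's detection policy.
HTML_EXTS = {".htm", ".html"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def build_sample_archive() -> bytes:
    """Constructed stand-in for the attachment the article describes:
    an HTML 'refund form' next to an executable. The .exe body is a fake
    two-byte PE magic plus padding, not an actual program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Restore your account.html",
                    "<html><body><form>credit card / PayPal fields</form></body></html>")
        zf.writestr("update.exe", b"MZ" + b"\x00" * 64)
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed control case: a single PDF-like file, nothing executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n%constructed sample\n")
    return buf.getvalue()


def inspect_archive(data: bytes) -> dict:
    """Classify a zip attachment by what it contains.

    Looks at both the file extension and the first two bytes of each member,
    so an executable renamed to hide its extension is still caught by the
    'MZ' PE header check. Returns a dict with the lists of matching members,
    a category and a boolean 'suspicious' verdict."""
    html, executables = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name.lower())[1]
            with zf.open(info) as member:
                head = member.read(2)
            if ext in EXEC_EXTS or head == b"MZ":
                executables.append(name)
            if ext in HTML_EXTS:
                html.append(name)

    if html and executables:
        # The pairing from the article: phishing form plus dropper in one archive.
        category = "html_plus_executable"
    elif executables:
        category = "executable"
    elif html:
        # HTML-only archives still match the classic attached-form phish.
        category = "html_only"
    else:
        category = "none"

    return {
        "html": html,
        "executables": executables,
        "category": category,
        "suspicious": category != "none",
    }


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_archive()),
                        ("benign", build_benign_archive())):
        print(label, inspect_archive(blob))
```

The verdict is deliberately structural: it does not try to identify ZeuS, only to notice that an archive mixes a web form with executable content, which is the property that makes this campaign easier to block than a pure phishing mail.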

The rogue form reads "You have received this file because after the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of $120.50. Please fill out and submit this form in order to process the tax refund and allow us 3-9 business days."

It has fields for inputting credit card information, as well as PayPal account credentials and even information such as mother's maiden name, which is commonly used as an answer to security questions.

"Any email requesting personal and credit or debit card details before a refund can be released is a hoax," said Tax Commissioner Michael D’Ascenzo, according to iTnews, noting that the agency would never request such details over email.